#!/bin/bash
# bus-manager-lxc-setup.sh
# Run this on the Proxmox host (HAL-HOST) to create and fully configure
# a privileged Debian 12 LXC for running Docker + Bus Manager.

set -e

# ─── CONFIG ───────────────────────────────────────────────────────────────────
CTID=130
HOSTNAME="Bus-Manager"
IP="10.0.0.228/24"
GW="10.0.0.254"
BRIDGE="vmbr0"
STORAGE="local-lvm"
DISK_SIZE="32"
RAM="4096"
SWAP="2048"
CORES="2"
DNS="10.0.0.224"
TEMPLATE="debian-12-standard_12.12-1_amd64.tar.zst"
TEMPLATE_STORAGE="local"
# ──────────────────────────────────────────────────────────────────────────────

echo "==> Checking for Debian 12 template..."
if ! pveam list $TEMPLATE_STORAGE | grep -q "$TEMPLATE"; then
    echo "    Downloading Debian 12 template..."
    pveam update
    pveam download $TEMPLATE_STORAGE $TEMPLATE
else
    echo "    Template already present."
fi

echo "==> Destroying existing CT $CTID if present..."
if pct status $CTID &>/dev/null; then
    pct stop $CTID 2>/dev/null || true
    sleep 2
    pct destroy $CTID
    echo "    CT $CTID destroyed."
fi

echo "==> Creating privileged LXC CT $CTID..."
pct create $CTID \
    ${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE} \
    --hostname $HOSTNAME \
    --ostype debian \
    --unprivileged 0 \
    --features nesting=1,keyctl=1 \
    --cores $CORES \
    --memory $RAM \
    --swap $SWAP \
    --rootfs ${STORAGE}:${DISK_SIZE} \
    --net0 name=eth0,bridge=${BRIDGE},firewall=1,ip=${IP},gw=${GW},type=veth \
    --nameserver $DNS \
    --searchdomain local \
    --onboot 1

echo "==> Starting CT..."
pct start $CTID
sleep 5

echo "==> Setting root password..."
echo "    Please enter a root password for the container:"
pct exec $CTID -- passwd root

echo "==> Installing base packages..."
pct exec $CTID -- bash -c "
    apt-get update -qq
    apt-get install -y --no-install-recommends \
        curl \
        ca-certificates \
        git \
        openssh-server \
        nano
"

echo "==> Enabling SSH root login..."
pct exec $CTID -- bash -c "
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    grep -q 'PermitRootLogin yes' /etc/ssh/sshd_config || echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
    systemctl enable ssh
    systemctl restart ssh
"

echo "==> Installing Docker..."
pct exec $CTID -- bash -c "
    curl -fsSL https://get.docker.com | sh
    systemctl enable docker
    systemctl start docker
"

echo "==> Configuring Docker daemon..."
pct exec $CTID -- bash -c "
    mkdir -p /etc/docker
    cat > /etc/docker/daemon.json << 'DOCKEREOF'
{
    \"dns\": [\"10.0.0.224\", \"1.1.1.1\"],
    \"log-driver\": \"json-file\",
    \"log-opts\": {
        \"max-size\": \"10m\",
        \"max-file\": \"3\"
    }
}
DOCKEREOF
    systemctl restart docker
"

echo "==> Cloning Bus Manager repo..."
pct exec $CTID -- bash -c "
    cd /root
    git clone https://gitea.hideawaygaming.com.au/jessikitty/bus-manager.git
"

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "  CT $CTID ($HOSTNAME) is ready!"
echo "  IP: ${IP%/*}  |  SSH: ssh root@${IP%/*}"
echo ""
echo "  Next steps:"
echo "    1. ssh root@${IP%/*}"
echo "    2. cd /root/bus-manager"
echo "    3. cp .env.example .env && nano .env"
echo "    4. docker compose up -d --build"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"